Privacy Policy

Introduction

In order to operate, Stafford Rambling Group (SRG) needs to gather, store and use certain forms of information about its members and potential members. This policy explains how this data should be collected, stored and used in order to meet SRG’s data protection standards and comply with the General Data Protection Regulations (GDPR).

Why is this policy important?

This policy ensures that SRG

  • Protects the rights of our members
  • Complies with data protection law and follows good practice
  • Protects the group from the risks of a data breach

Roles and responsibilities

This policy applies to all those handling data on behalf of SRG e.g.:

  • Committee members
  • Members
  • Contractors/3rd-party suppliers

It applies to all data that SRG holds relating to individuals, including:

  • Names
  • Email addresses
  • Postal addresses
  • Phone numbers
  • Any other personal information held (e.g. financial)

Roles and responsibilities

SRG is the Data Controller and will determine what data is collected and how it is used. The committee members are responsible for the secure, fair and transparent collection and use of data by SRG.

Everyone who has access to data as part of SRG has a responsibility to ensure that they adhere to this policy.

Data protection principles

SRG will only collect data where lawful and where it is necessary for the legitimate purposes of the group.

  • A member’s name and contact details will be collected when they first join the group, and will be used to contact the member regarding group membership administration and activities. Other data may also subsequently be collected in relation to their membership, including their payment history for membership subscriptions. Where possible SRG will anonymise this data
  • The name and contact details of contractors (eg hotels, restaurants, coach companies, holiday companies) will be collected when SRG is considering engaging their services and will be used to contact them regarding group administration related to their role.

    Further information, including personal financial information, may also be collected in specific circumstances where lawful and necessary (in order to process payment to the person).
  • An individual’s name and contact details will be collected when they make a booking for an SRG activity. This will be used to contact them about their booking and to allow them to participate in the event.
  • An individual’s name, contact details and other details may be collected at any time, with their consent, for SRG to communicate with them about and promote group activities.
  • Pseudonymous or anonymous data (including behavioural, technological and geographical/regional) on an individual may be collected via tracking ‘cookies’ when they access our website in order for us to monitor and improve our effectiveness on these channels. See ‘Cookies on the SRG website’ below.
  • SRG will not collect or store more data than the minimum information required for its intended purpose.
  • SRG will keep records for no longer than is necessary to meet the intended use for which it was gathered (unless there is a legal requirement to keep records).
  • Personal contact details, in particular email addresses, will be deleted from the mailing list on request or within a reasonable period should the person concerned not renew their membership.

SRG will ensure that data held by us is kept secure.

  • Electronically-held data will be held within a password-protected and secure environment
  • Passwords for electronic data files will be re-set each time an individual with data access leaves their role/position
  • Physically-held data (e.g. membership forms or email sign-up sheets) will be stored in a locked cupboard
  • Access to data will only be given to relevant committee members/event organisers/contractors where it is clearly necessary for the running of the group.

Individual’s rights

  • Right to be informed: whenever SRG collects data from new members it will provide a clear explanation of why it is being collected and how it will be used. New members are asked to complete a Data Use Form to clarify how they wish their personal details, including images, to be used.
  • Right to erasure: individuals can request for all data held on them to be deleted. SRG’s data retention policy will ensure data is not held for longer than is reasonably necessary in relation to the purpose it was originally collected. If a request for deletion is received, we will comply with the request unless:
  • There is a lawful reason to keep and use the data for legitimate interests or contractual obligation.
  • There is a legal requirement to keep the data.

Date stored by SRG may be retained based on statutory requirements for storing data other than data protection regulations:

  • Details of payments made and received (e.g. in bank statements and accounting records)
  • AGM and committee meeting minutes
  • Contracts and agreements with suppliers/customers
  • Insurance details

What personal information do we keep?

Membership data: electronic record maintained by the treasurer and committee member responsible for membership

  1. Name
  2. Address
  3. Home phone no
  4. Mobile phone no
  5. E-mail address
  6. BACS details (only where SRG makes regular payments – usually reimbursement of expenses to Committee members/event organisers

We maintain a group e-mail list derived from individual e-mail addresses to communicate information about the group’s activities.

This information is available to committee members/event organisers at the discretion of the Chair and Treasurer. It is not shared with outside organisations

Data relating to individual events: retained by the event organiser in a format decided by him/her

This data is collected on event booking forms (even though it might be available on the membership database. It may be shared with outside organisations who are party to the organisation of the event.

The booking forms are destroyed within 6 months of the event taking place. SRG retains data on participants in events for archive purposes.

What personal information do we publish?

Walks Programmes contain the name and telephone number of walk leaders. We do not include the surnames of walk leaders although we may use the initial letter for clarity. The programme also includes the name and telephone number of the walks co-ordinators. These programmes are retained for archive purposes

Booking forms: they contain the names and addresses of the organisers: a master copy of these forms is retained for archive purposes.

The Web-site and public Facebook page are in the public domain. Any photographs of group members do not identify individuals. The Data Use form completed by new members gives members the option to restrict use of images in the public domain.